<!-- Start -->
<h3 style="color:purple" id="info-igql"><b>Information Disclosure :: GraphQL Interface</b></h3>
<hr />
<h5>Problem Statement</h5>
<p>
  GraphQL has a an Integrated Development Environment named <code>GraphiQL</code> (note the <code>i</code>) that allows constructing queries in a friendly user interface.
</p>
<p>
  GraphiQL is usually found in paths such as: <code>/graphiql</code> or <code>/console</code>, however, it can be in other places too.  
</p>
<h5>Resources</h5>
<ul>
  <li>
    <a href="https://www.apollographql.com/docs/apollo-server/v1/graphiql/" target="_blank">
      <i class="fa fa-newspaper"></i> Apollo GraphiQL
    </a>
  </li>
  <li>
    <a href="https://www.gatsbyjs.com/docs/how-to/querying-data/running-queries-with-graphiql/" target="_blank">
      <i class="fa fa-newspaper"></i> Gatsby on GraphiQL
    </a>
  </li>
</ul>
<h5>Exploitation Solution <button class="reveal" onclick="reveal('sol-info-igql')">Show</button></h5>
<div id="sol-info-igql" style="display:none">
  <pre class="bash">
# Beginner mode

# Browse to http://host/graphiql

# Expert mode

# GraphiQL will be disabled.</pre>
</div>
<!-- End -->
